liquid_feedback_frontend

changeset 1703:5eb8b596f7d4

Added OAuth2 client code
author bsw
date Mon Sep 27 10:58:14 2021 +0200 (2021-09-27)
parents 4ddc5841e136
children cd3b521dc735
files app/main/_filter/21_auth.lua app/main/oauth2_client/callback.lua app/main/oauth2_client/redirect.lua
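--- a/app/main/_filter/21_auth.lua
+++ b/app/main/_filter/21_auth.lua
@@ -137,14 +137,22 @@
       error("array type params not implemented")
     end
   end
-  request.redirect{
-    module = 'index', view = 'login', params = {
-      redirect_module = module,
-      redirect_view = view,
-      redirect_id = param.get_id(),
-      redirect_params = params
+  if config.login and config.login.method == "oauth2" then
+    request.redirect{
+      module = "oauth2_client",
+      view = "redirect",
+      params = { provider = config.login.provider }
     }
-  }
+  else
+    request.redirect{
+      module = 'index', view = 'login', params = {
+        redirect_module = module,
+        redirect_view = view,
+        redirect_id = param.get_id(),
+        redirect_params = params
+      }
+    }
+  end
 elseif auth_needed and app.session.member.locked then
   trace.debug("Member locked.")
   request.redirect{ module = 'index', view = 'login' }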
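Review bot: The oauth2 branch added at 1.13–1.18 drops redirect_module, redirect_view, redirect_id and redirect_params, so after a successful OAuth2 login the member lands on the base URL rather than on the page that required authentication (callback.lua in this same changeset ends with `request.redirect{ external = request.get_absolute_baseurl() }`). The non-OAuth branch still carries these values, so the two login paths now behave differently for the same request. The destination would have to be remembered before redirecting to the provider (in the session, or bound to the state value) and honoured by the callback; which of those fits the session API is not visible here. The enclosing if/elseif chain starts before this hunk.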
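--- /dev/null
+++ b/app/main/oauth2_client/callback.lua
@@ -0,0 +1,88 @@
+local provider = param.get("provider")
+local provider_config = config.oauth2_providers[provider]
+if not provider_config then
+  return
+end
+
+
+local error = param.get("error")
+
+if error then
+  ui.heading{ content = "OAuth error" }
+  ui.container{ content = error }
+  return
+end
+
+local state = param.get("state")
+
+if state ~= app.session:additional_secret_for("oauth") then
+  ui.heading{ content = "OAuth error" }
+  ui.container{ content = "state invalid" }
+  return
+end
+
+local code = param.get("code")
+
+local params = {
+  code = code,
+  client_id = provider_config.client_id,
+  client_secret = provider_config.client_secret,
+  redirect_uri = request.get_absolute_baseurl() .. "oauth2_client/callback.html?provider=" .. provider,
+  grant_type = "authorization_code"
+}
+
+local params_list = {}
+for key, val in pairs(params) do
+  table.insert(params_list, encode.url_part(key) .. "=" .. encode.url_part(val))
+end
+
+local r = table.concat(params_list, "&")
+
+local output, err, status = extos.pfilter(nil, "curl", "-X", "POST", "-d", r, provider_config.token_url)
+
+local result = json.import(output)
+
+local url = provider_config.id_url .. "?access_token=" .. encode.url_part(result.access_token)
+
+local output, err, status = extos.pfilter(nil, "curl", url)
+
+local id_result = json.import(output)
+
+local id = id_result[provider_config.id_field]
+local email = id_result[provider_config.email_field]
+
+if id then
+  local member = Member:new_selector()
+    :add_where{ "authority = ?", "oauth2_" .. provider }
+    :add_where{ "authority_uid = ?", id }
+    :optional_object_mode()
+    :exec()
+    
+  if not member then
+    member = Member:new()
+    member.authority = "oauth2_" .. provider
+    member.authority_uid = id
+    member.notify_email = email
+    member.name = "Member " .. id
+    member.identification = "Member " .. id
+    member.activated = "now"
+    member:save()
+    for i, unit_id in ipairs(provider_config.unit_ids) do
+      local privilege = Privilege:new()
+      privilege.member_id = member.id
+      privilege.unit_id = unit_id
+      privilege.initiative_right = true
+      privilege.voting_right = true
+      privilege:save()
+    end
+  end
+  member.last_login = "now"
+  member.last_activity = "now"
+  member.active = true
+  member:save()
+  app.session.member = member
+  app.session:save()
+  request.redirect{ external = request.get_absolute_baseurl() }
+  
+end
+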
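Review bot: The token exchange at 2.44–2.48 has no error handling: `err` and `status` from extos.pfilter are ignored, and when curl fails or the provider returns an error body, `json.import(output)` yields something without `access_token`, so `encode.url_part(result.access_token)` fails on a nil index instead of rendering the "OAuth error" page the earlier checks use; the second call at 2.50–2.54 has the same gap, and `code` is never checked for nil before being sent. The client secret is also passed on the curl command line inside `-d`, where it is readable in process listings by other local users; the first argument of extos.pfilter is presumably the child's stdin (the call passes nil), so `-d @-` with `r` as that argument keeps the secret out of argv. A rewrite of the exchange along those lines follows. Separately, `local error = param.get("error")` at 2.11 shadows Lua's `error` builtin for the rest of the file and reads better as `local oauth_error = param.get("error")`.
```lua
-- … unchanged: provider lookup, error/state checks …
local code = param.get("code")
if not code then
  ui.heading{ content = "OAuth error" }
  ui.container{ content = "code missing" }
  return
end
-- … unchanged: building params and r …
-- secret is sent via stdin (-d @-) rather than on the command line
local output, err, status = extos.pfilter(r, "curl", "-X", "POST", "-d", "@-", provider_config.token_url)
local result = output and json.import(output)
if type(result) ~= "table" or not result.access_token then
  ui.heading{ content = "OAuth error" }
  ui.container{ content = "token request failed" }
  return
end
-- … unchanged: id lookup and member handling …
```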
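--- /dev/null
+++ b/app/main/oauth2_client/redirect.lua
@@ -0,0 +1,29 @@
+local provider = param.get("provider")
+local provider_config = config.oauth2_providers[provider]
+if not provider_config then
+  return
+end
+
+local params = {
+  response_type = "code",
+  redirect_uri = request.get_absolute_baseurl() .. "oauth2_client/callback.html?provider=" .. provider,
+  client_id = provider_config.client_id,
+  --scope = provider_config.scope,
+  state = app.session:additional_secret_for("oauth"),
+}
+
+if provider_config.additional_auth_params then
+  for key, val in pairs(provider_config.additional_auth_params) do
+    params[key] = val
+  end
+end
+
+local params_list = {}
+for key, val in pairs(params) do
+  table.insert(params_list, encode.url_part(key) .. "=" .. encode.url_part(val))
+end
+
+local url = provider_config.auth_url .. "?" .. table.concat(params_list, "&")
+
+request.redirect{ external = url }
+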
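Review bot: The merge of provider_config.additional_auth_params at 3.18–3.22 runs after the fixed parameters, so a provider entry can silently override `state` or `redirect_uri`, the two values the callback's checks depend on; merging only absent keys, `if params[key] == nil then params[key] = val end`, keeps them authoritative. The commented-out `--scope = provider_config.scope` at 3.14 means a configured scope is ignored, which is worth either enabling or documenting. Neither new file documents the provider_config keys it reads (auth_url, client_id, additional_auth_params here; token_url, id_url, id_field, email_field, unit_ids, client_secret in callback.lua); a header comment listing each key and its meaning would help whoever writes the config. Whether `app.session:additional_secret_for("oauth")` produces a fresh value per authorization or one constant per session is not visible here; if the latter, the state check in the callback is weaker than a per-request nonce.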
